By Ewen O’Brien, VP of Enterprise, EMEA at BitSight
Data breaches are never far from the news. Some headlines have even suggested that they’ve become the “new normal.” And while we haven’t seen a wide-scale attack since WannaCry was unleashed two years ago, a recent turn of events suggests that the perfect cyber storm may be brewing.
A few weeks ago, away from the attention-grabbing headlines about big breaches and data compromise, an unusually high number of technology giants experienced what some have called “a cyber week from hell.” Multiple severe and exploitable flaws were discovered in the hardware and software systems of Adobe, Cisco, Facebook, Microsoft, Intel, and WhatsApp.
The sheer scale of this cyber storm has massive cyber risk management ramifications for any organisation. Today’s vulnerabilities and unpatched systems can be tomorrow’s – or even this afternoon’s – next malware target. And when the systems that underpin the world’s business networking and IT infrastructures are at risk, threat actors take notice.
By now, several of the flaws are being exploited. Furthermore, at the time of writing, fixes for many of the vulnerabilities that have been uncovered are still not available. When these patches do come, they’ll likely arrive in a deluge. It’s a CISO’s nightmare. Overwhelmed security teams must rush to apply these patches while maintaining system uptime and ensuring continuity of business operations.
What about the risk beyond your four walls?
But internal patching is not the only concern. CISOs are also responsible for ensuring that strong security policies, procedures, and postures extend beyond the four walls of their businesses and across their supply chains – and with good reason. A recent study showed that 70% of organisations rely heavily on third-party vendors and 59% of breaches originate with those third parties.
In light of recent events, it’s imperative that companies ensure that their vendors are aware of the potential risks and are taking steps to mitigate their exposure. Traditionally, this process would involve a third-party security risk audit often taking the form of a vendor check-in to assess what’s changed and identify areas of risk.
Unfortunately, instituting and managing a third-party audit can be a cumbersome and problematic process. To comply with an audit, each vendor must complete a lengthy questionnaire that gets into the nuts and bolts of their security policies, vulnerabilities, patching history, certifications, and more.
Then, there is the problem of timing. An audit won’t tell you what’s going on during the days when you aren’t performing an assessment – it simply shines a spotlight on a moment in time. Plus, how can you be sure that your vendor has completed the form accurately?
A turning point in cyber risk management
The cyber week from hell indicates that we’ve arrived at a turning point. The threat landscape is evolving at a rapid pace and there aren’t enough hours in the day to conduct lengthy audits across your supply chain, sift through binders of questionnaires, and try to glean insight into your vendor’s ecosystem. With so many flaws and vulnerabilities exposed, organisations need a more agile and automated way to bolster security, adapt to threats, and monitor the security performance of their vendors.
A comprehensive third-party risk management programme can help you gain visibility into the quantitative risk posed by third-party vendors so you can make risk decisions much faster. This can help you expose cyber risk within your supply chain, share insights, focus your resources on the vendors with the highest risk levels so you can advise them on how to improve their security postures, and continuously assess and measure security ratings in real time.
Communicate your commitment to security excellence
This level of agility extends beyond third-party risk management. CISOs, chief risk officers, and the corporate board are all held accountable for the performance of their cybersecurity programmes. Yet, most organisations don’t have a way to continuously assess and communicate the ongoing state of their own organisation’s cybersecurity. When you implement a security performance management programme, you can find out how secure your organisation really is, compare your security posture to industry averages, allocate resources effectively, and start having data-driven conversations about cybersecurity with key stakeholders.
Are you ready for the “new normal”?
As cybersecurity enters a possible “new normal,” the onus is on the executive team to be prepared to weather the storm(s). The best way to do this is to shine a light on your vendor’s security blind spots while assessing your own vulnerabilities and measuring the performance of your own cybersecurity programme to avoid your own week from hell.
BEFORE THE INK IS DRY: CORRECTING BIOMETRIC SPOOFING MYTHS
Eric Setterberg, System Design Engineer at Fingerprints
Biometric authentication is highly robust, and the latest solutions offer considerably greater security than their authentication predecessors: PINs and passwords.
But as biometrics moves into new areas such as payments and access control, privacy and security concerns are rising. Biometrics has long been subject to scrutiny, with many elaborate examples in the media and online of people working to trick biometric sensors in order to crack devices.
To ensure the continued adoption of biometrics, it is important to shine a light on the reality of biometric spoofing.
The Evolution of Biometric Solutions…
The first use of fingerprints as forensic evidence was in an Argentinean court case in the late 1800s. With the technology still in its infancy, this was done manually and by eye, comparing latent residual prints lifted from crime scenes to charts of inked fingerprints obtained from the suspects at arrest.
A few decades later, the FBI began collecting fingerprints of criminals and civilians. They also introduced the automated comparison of fingerprints by computers in the 1970s. These “traditional representations” have now been standardized by ISO and ANSI.
… and their Spoofs
The earliest and simplest of these matching devices were easy to spoof. Really, all you needed was a photocopy or a good image of a fingerprint to make a successful spoof.
But as biometrics moved to more advanced technology, the game for biometric ‘spoofers’ has changed and the task of crafting fake fingerprints is considerably more difficult.
The biggest boost for biometric security, however, came with its introduction into mobile phones.
How Mobile Changed the Game
Before the widespread integration of fingerprint sensors in smartphones, the technology underwent significant evolution. No operator wanted to use large biometric sensors in modern phone designs. Sensors had to become much smaller to reach the perfect price and design point for the mobile world, but this meant needing to capture data from a smaller surface area of the finger.
To maintain the security of these smaller sensors, algorithms evolved significantly in order to utilize a greater amount of data per unit area. These mobile-driven hardware and software changes resulted in the optimized image capture of modern touch sensors.
As a result, tricking these systems now requires a considerably higher level of detail to be reproduced correctly for a match to be successful, far beyond rudimentary gummi bear spoofs and photocopies…
Setting the Perfect Spoofing Scenario
Compromising fingerprint authentication via spoofing can still be done, even with all the technological advancements. However, it now requires considerable care, skill, money, and time. And to start, a good latent print…
To retrieve a latent print of high enough quality to work, you either need a willing volunteer to lend you their finger, or the commitment to stalk a victim until a viable fingerprint can be retrieved. Even with a decent latent print, modern spoofs then require advanced Photoshop skills and/or a lab to successfully convert latent prints into effective moulds.
So – what about those articles boasting how easily they have hacked the latest smartphone device’s fingerprint sensor?
In fact, there are only two instances of fingerprint spoofing seen in the media nowadays: proof of concept and cooperative spoofs. Lay enthusiasts and media go through the effort of setting up a lab to create spoofs with latent fingerprints either from themselves or cooperative volunteers. Even the most successful of these take months of work, a highly skilled team, and the perfect scenario of circumstances.
Put simply, the effort required for spoofing modern fingerprint sensors cannot be applied at any scale. Each biometric spoof needs to go through the same laborious process and clinical conditions. So, if you can bring together a willing group of spoofing enthusiasts, tricking a biometric device could earn you fifteen minutes of fame on the internet, but it is unlikely to be conducive to a successful criminal business plan…
A “How” Without a “Why”
Spoofing biometrics remains technically possible, and there will always be those up to the challenge of trying to hack the latest technology. But the reality is that modern biometric solutions require more time, skill, and frankly, luck, to successfully spoof than ever before. Not to mention that tireless R&D work is continuously strengthening spoofing resistance. And, as use cases start to combine multiple biometric authenticators, such as combining fingerprints with face or iris to perform an authentication, spoofing will only become more complex.
By comparison, hacking PINs and passwords is considerably simpler and more scalable, making it far more lucrative. And, criminals generally take the path of least resistance.
For the average consumer, greater use of biometric authentication is not only a means of simplifying authentication, but dramatically improving the security of their devices, applications, and personal data. With PINs and passwords still the most common authentication method outside of mobile, it is imperative that the true security and advanced nature of modern biometric authentication solutions are understood.
ARE WE AT THE TIPPING POINT FOR GLOBAL BIOMETRIC PAYMENT CARD ADOPTION?
By Vince Graziani, CEO of IDEX Biometrics ASA
Following the coronavirus outbreak, consumers are ready to go cashless more than ever before. With many businesses discouraging the use of cash because of hygiene questions that surround handling money, contactless payments are front of mind to avoid touching PIN pads.
But in an increasingly cashless ecosystem, there is a growing threat of card fraud from the lack of authentication. So we have reached the point where contactless payments need to be made more secure in order to ensure transactions are hygienic, convenient and free from the risk of fraud.
To resolve this, it’s time for biometric smart cards to reach the market on a global scale. Integrating fingerprint sensor technology into a payment smart card can provide convenience and greater security to prepare for the cashless economy. The user can pay for transactions by authenticating their finger on their own card, without having to touch a PIN pad or share their card with the retailer.
Consumers want biometric smart cards in their wallets now
We know that consumers are ready and willing to embrace biometric payment cards. Thanks to scan-to-unlock functions on smartphones and finger or face scanning at passport control, consumers are already familiar with biometric technology in their everyday lives. The acceptance of that technology in a payment card is no lower. In particular, IDEX research revealed that 41% of consumers would be willing to adopt a fingerprint biometric payment card.
However, banks and card issuers aren’t responding to that demand with the speed that consumers need. As early as 2018, tech magazine Wired announced that biometric payment cards were ready to hit our wallets. But following more than 15 years of research and development, and a number of biometric payment card trials around the globe, we still don’t have biometric fingerprint payment cards in our hands.
So why haven’t banks responded to consumer demands and embraced global adoption of biometric cards?
Jumping the global adoption hurdles
Well, according to analysis from Goode Intelligence, there are several hurdles to overcome before biometric payment cards can be shipped to users in their millions – including cost and scheme certification.
Despite being hailed as the future-tech solution to end our use of cash and cards, mobile payments haven’t reached anywhere near the expected level of public adoption in the UK. As of 2019, only around 19% of the UK population used mobile payments. Of course, the fact that Apple, a giant in the payment app space, launched a physical credit card last year, and that Google is set to follow suit, is further proof of the customer demand for bank cards over mobile payments.
Therefore, it’s clear that the majority of the population still prefer the ease and familiarity of contactless cards. In fact, IDEX research found that six-in-ten (60%) UK consumers would not give up their debit card in favour of mobile payments, so it’s crucial that banks continue to evolve smart bank cards for the next generation of payments.
Breaking down the cost barrier
Of course, cost caused by the manufacturing complexity of biometric payment cards has long been seen as the main barrier to mass adoption. Initially, the cost of the card was considered so prohibitive that a charge would have to be passed on to the end-user. But now this barrier looks set to come down. Thanks to new low-cost sensor technology combined with an enhanced biometric-system-on-chip ASIC, the cost of materials required to build a biometric smartcard has been drastically reduced.
If card issuers embrace the new fingerprint system technology, it will lead to an improvement in manufacturing processes and yields. The sensor technology will substantially reduce the overall time to market and ultimately reduce costs to the bank and the end-user. Therefore, this development will help manufacturers to overcome the barriers preventing mass adoption of biometric smart cards.
Towards global adoption
We’re now at the tipping point. Consumers today are demanding greater security and hygiene in their payment process. They want biometric payment cards now to make sure their payments fit the bill in this new world.
Many of the barriers to global adoption are no longer the concerns they once were. With the obstacles overcome, the adoption of biometric payment cards is likely to start ramping up in 2021. Banks and smartcard providers should now adopt biometric payment cards on a global scale, to prepare for payments of the future.